The present application relates to methods, devices and systems for writing IC-specific (integrated circuit-specific) information to semiconductor wafers using one or more charged particle beam columns, and more particularly to using charged particle beams to securely write wafers during wafer fabrication with secure non-volatile data that is customizable per-IC.
Note that the points discussed below may reflect the hindsight gained from the disclosed inventions, and are not necessarily admitted to be prior art.
Security software plays important roles defending against device hacking and cyber intrusion. Software has been deployed at multiple levels of communication networks to secure data centers (“the cloud”), Internet links, gateways, and individual devices. Antivirus, anti-malware, and firewall software also provide some protection against cyberattacks. However, networks and devices are safe only until attackers find ways around the defense.
The strength of encryption systems used to protect electronics systems, networks, and infrastructure depends on unique, unpredictable, keys. Reliance on user-generated passwords (which are typically neither unique nor unpredictable) or on cryptographic keys generated by software (which might be subverted, sidestepped, or compromised) has not prevented wide-scale data theft, eavesdropping, hijacking of systems (e.g., “ransomware”), and other “cyber” crime.
Software coding errors, bugs, design errors, unforeseen code interactions, and other software flaws are both typical and often give rise to significant vulnerabilities. Finding such vulnerabilities is generally expensive and time consuming. Vulnerabilities are also frequently introduced deliberately, e.g., “backdoors” required by software providers to access users' software for updates, bug fixes, debugging, and other useful or valuable (or other) purposes. These are examples of types of vulnerabilities that have been discovered and exploited by cybercriminals.
Hardware-embedded security can be used to fortify cyber defense and avoid or remedy many of the problems with software-based security. Hardware-embedded security can be implemented using integrated circuit (IC) personalization to physically instantiate chip-specific (unique) and unpredictable security keys. However, most ICs are patterned using optical lithography, which is not generally conducive to per-IC customizable design.
In optical lithography, patterning a circuit layer is done through a photomask (mask) in cookie-cutter fashion. Chips patterned using the same mask set are identical. This is a big benefit in volume production. However, a mask set generally costs weeks and millions of dollars to manufacture, and the design layout expressed through the mask is static, not intrinsically enabling embedding chip-specific information during fabrication.
Because photo-mask information is fixed, all chips of a given design on a wafer receive the same pattern from optical lithography. Commercial-scale batches of ICs are generally produced such that most or all ICs in the batch are effectively identical to one or more (frequently all) other ICs in the batch at the time when IC fabrication is completed. IC personalization for security generally either happens after fabrication, or not at all.
Currently available hardware solutions for IC personalization include fuse-programmable integrated circuits, Flash memory and physically unclonable functions (“PUFs”). These approaches do not embed chip-specific information in interconnects within the IC.
In the fuse-programmable integrated circuit approach, after ICs are produced, encrypted information is written on each individual IC to enhance security. But the fusing operation is typically outsourced and the data to be written is exposed to potential access by, or through vulnerabilities in the systems and operations of, the third party performing the fusing operation (typically the post-fabrication test operator). As a result, trust and security can be compromised. (Third party security issues can be avoided in the case of integrated device manufacturers (“IDMs”), where all steps from design to fabrication (fab) to test to packaging are performed and controlled by the IDM; but IDMs tend to be a minority of device producers.) Apple's Secure Enclave is an example of a fuse-programmable approach to hardware-embedded information unique to each IC, and is disclosed in U.S. Pat. No. 8,832,465, which is incorporated herein by reference.
Though Flash memories are often described or advertised as non-volatile, Flash memories have data retention times of about five to ten years (or less). This may be acceptable for fleeting consumer products, but it is likely inadequate for some types of IoT (Internet of Things) or PLC (Programmable Logic Controller) devices that are connected to or are integral parts of critical infrastructure. Data in Flash is also generally visible external to the IC on which it is written, making the data vulnerable to external access and/or manipulation.
A physical unclonable function (PUF) establishes a data string which depends upon partially random physical characteristics of an IC. The physical characteristics are caused by variations during the manufacturing of the IC. Process variations during IC manufacturing are both unavoidable and difficult to reproduce. Thus, in principal, PUFs can be used to establish unique, unreproducible, data strings for each IC. However, the contents of a PUF cannot be predetermined, and PUF responses are somewhat noisy. Furthermore, PUF responses may change with temperature or time, or may be read from, or derived from, memory. An example of a PUF is a volatile memory which at power-up has contents that depend on the partially random physical characteristics of the memory. Manufacturing variations lead to different physical characteristics for different memories. See U.S. Pat. App. Publ. 20140325237, which is incorporated herein by reference.